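High availability overview
# What is high availability
It generally means that two machines run exactly the same business system; when one machine goes down, the other server takes over quickly, and users accessing the service do not notice.
# Common high-availability products
Hardware: F5
Software: keepalived
# How keepalived achieves high availability
keepalived is built on the VRRP protocol. VRRP (Virtual Router Redundancy Protocol) is mainly used to eliminate single points of failure.
Why VRRP was created
· A user reaches the external network through a router at a configured IP address, but at first the user's machine does not know the MAC address that belongs to that IP. It finds the gateway's MAC address with an ARP broadcast and then records the IP-to-MAC mapping in its ARP cache; later connections use the cached entry directly (no broadcast is needed until the ARP cache entry expires). If the gateway becomes unavailable because of a hardware or logical failure and another device replaces it using the old device's IP address, users still cannot get online. The reason: the client still holds its ARP cache entry. Even though there is a new hardware gateway, the IP is the old one, so the client keeps using the cached mapping; only when the entry expires or is deleted by hand does the client broadcast again.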
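· That fix raises another problem: when the master recovers, does the cache have to be cleared again? Doing all of this by hand is impractical, which is why VRRP was created. VRRP, implemented in software or hardware, puts a virtual MAC address (VMAC) and a virtual IP address in front of the Master and the Backup.
Floating address: while the VIP is on the master, the MAC address for the VIP is the master NIC's MAC; while the VIP is on the backup, it is the backup NIC's MAC. The VIP is bound to the NIC of whichever host currently holds it.
keepalived notes
1. keepalived can run in preemptive or non-preemptive mode.
Note: in preemptive mode the script only needs to be placed on the MASTER; in non-preemptive mode the script must be placed on both the MASTER and the BACKUP.
Preemptive: when the master fails, the backup takes over automatically, and when the master recovers it automatically takes the master role back.
Non-preemptive: when the master fails, the backup takes over automatically, but when the master recovers it does not take the role back; it takes over again only after the backup fails.
2. keepalived high availability can be used in many places, not only with nginx; a service that has no high availability of its own can use keepalived for it. nginx is therefore not tied to keepalived: when nginx fails, keepalived does not stop on its own but keeps working, and the VIP does not move. So the keepalived configuration file has to be paired with a script, and you have to write that script yourself.
3. Split-brain: for some reason the two keepalived high-availability servers cannot detect each other's heartbeat within the configured time, so each takes ownership of the resources and services, while both servers are in fact still alive.
Related files and their description
# The main keepalived configuration file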
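[root@lb01 ~]# vim /etc/keepalived/keepalived.conf   # MASTER configuration
global_defs {                          # global definitions
    router_id lb01                     # name that identifies this node
}
vrrp_script sh {                       # keepalived does not monitor nginx by itself: if nginx stops,
    script "/etc/nginx/jiankong.sh"    # keepalived stays alive, so a script is needed to monitor nginx
    interval 5                         # these lines set the script path and how often the script runs
}
vrrp_instance VI_1 {                   # instance configuration
    state MASTER                       # role of this node
    interface eth0                     # network interface to bind to
    virtual_router_id 50               # virtual router ID
    priority 150                       # priority
    advert_int 1                       # check interval
    authentication {                   # authentication
        auth_type PASS                 # authentication type
        auth_pass 1111                 # authentication password
    }
    virtual_ipaddress {                # virtual address configuration
        10.0.0.3                       # the virtual IP (VIP)
    }
    track_script {                     # similar to referencing an upstream in nginx
        sh                             # refers by name to the script defined above
    }
}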
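Script binding nginx to the keepalived service
# Create a script so keepalived monitors nginx: if nginx stops running, keepalived is stopped too, and the VIP moves from the master to the backup. This is the script that the main configuration file calls.
[root@lb01 nginx]# cat /etc/nginx/jiankong.sh
#!/bin/bash
# Count the running nginx processes
nginx_status=$(ps -C nginx --no-header | wc -l)
if [ "$nginx_status" -eq 0 ]; then
    # nginx is down: try to start it once
    systemctl start nginx
    sleep 3
    nginx_status=$(ps -C nginx --no-header | wc -l)
    if [ "$nginx_status" -eq 0 ]; then
        # Still down: stop keepalived so the VIP moves to the backup
        systemctl stop keepalived
    fi
fi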
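The keepalived split-brain problem
# 1. Write a script (it guards against the master and backup losing contact so that the VIP appears on both at once, causing an address conflict that makes the site unreachable)
# What the script does: from the backup, ping the master's IP twice to check connectivity. If the master is reachable and the VIP is present on both the master and the backup, stop keepalived on the backup. If the master has the VIP and the backup does not, log that the state is normal. If the initial ping cannot reach the master, just log a message. (Set up key-based SSH login to the master first, otherwise the script asks for a password on every loop; the script can be run in the background with sh.sh &.)
[root@lb02 ~]# vim sh.sh
#!/bin/bash
vip=10.0.0.3
lb01_ip=10.0.0.5
while true; do
    if ping -c 2 "$lb01_ip" &>/dev/null; then
        # Count the lines that carry the VIP on each node. -F -w matches the
        # address literally and as a whole word, so 10.0.0.3 does not match 10.0.0.30
        lb01_vip_status=$(ssh "$lb01_ip" "ip add | grep -cFw $vip")
        lb02_vip_status=$(ip add | grep -cFw "$vip")
        # An empty result (for example when ssh fails) counts as 0
        if [ "${lb01_vip_status:-0}" -eq 1 ] && [ "${lb02_vip_status:-0}" -eq 1 ]; then
            echo '主節點和備節點都有VIP,開始關閉備節點的VIP...' >>/var/log/nginx/error.log
            systemctl stop keepalived
        elif [ "${lb01_vip_status:-0}" -eq 1 ] && [ "${lb02_vip_status:-0}" -eq 0 ]; then
            echo '主節點存在vip,備節點沒有vip,正常。。。' >>/var/log/messages
        fi
    else
        echo '主節點無法通信' >>/var/log/nginx/error.log
    fi
    sleep 5
done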
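Non-preemptive configuration
# This mode is rarely used in production
1. The state of both nodes must be set to BACKUP
2. Both nodes must have nopreempt in their configuration
3. One node's priority must be higher than the other node's priority.
Once nopreempt is enabled on both servers, the state of both must be set to BACKUP; the only thing that tells them apart is the priority.
Master configuration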
vrrp_instance VI_1 {
state BACKUP
priority 150
nopreempt
}
Backup configuration
vrrp_instance VI_1 {
state BACKUP
priority 100
nopreempt
}
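keepalived hands-on exercise
Requirements
# **Complete the architecture**
1. web01, web02, web03: deploy nginx and PHP on port 80
2. lb: deploy HTTPS certificates and force port 80 over to 443
3. NFS: sersync
4. MySQL
5. RSYNC: real-time backup of NFS
- wordpress
- zh
6. Set up keepalived so the two lb servers run as master and backup (preemptive)
Environment
Hostname | Internal IP | External IP | Role |
---|---|---|---|
lb01 | 172.16.1.5 | 10.0.0.5 | Load balancer/keepalived |
lb02 | 172.16.1.6 | 10.0.0.6 | Load balancer/keepalived |
web01 | 172.16.1.7 | 10.0.0.7 | Web server |
web02 | 172.16.1.8 | 10.0.0.8 | Web server |
web03 | 172.16.1.9 | 10.0.0.9 | Web server |
db01 | 172.16.1.51 | 10.0.0.51 | Database server |
nfs | 172.16.1.31 | 10.0.0.31 | Static asset storage |
backup | 172.16.1.41 | 10.0.0.41 | Backup server |
Procedure
1. Install and configure the web service and PHP
# 1. Install nginx and PHP (on all three web servers)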
[root@web01 nginx.php]# yum localinstall -y nginx-1.18.0-1.el7.ngx.x86_64.rpm
[root@web01 nginx.php]# yum localinstall -y php*
# 2. Create a common user (on all three web servers)
[root@web01 conf.d]# groupadd www -g 666
[root@web01 conf.d]# useradd www -u 666 -g 666 -s /sbin/nologin
[root@web01 conf.d]# vim /etc/nginx/nginx.conf
user www;
[root@web01 conf.d]# vim /etc/php-fpm.d/www.conf
user = www
group = www
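# 3. Write the nginx configuration files for the Zhihu (zh) and WordPress sites (write them on web01; the other web servers just copy them from web01)
[root@web01 conf.d]# vim /etc/nginx/conf.d/wp.conf   # WordPress configuration file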
server {
listen 80;
server_name wp.linux.com;
root /code/wp;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
[root@web01 conf.d]# vim /etc/nginx/conf.d/zh.conf   # Zhihu (zh) configuration file
server {
listen 80;
server_name zh.linux.com;
root /code/zh;
index index.php index.html;
location ~ \.php {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
# 4. Check the configuration files and start the services
[root@web01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 conf.d]# systemctl start nginx php-fpm
# 5. Check that the services are running
[root@web01 conf.d]# netstat -lntup|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7308/nginx: master
[root@web01 conf.d]# netstat -lntup|grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 7307/php-fpm: mast
# 6. Create the site directories named in the configuration files (on all three web servers)
[root@web01 conf.d]# mkdir /code/{wp,zh} -p
# 7. Upload the archives to the matching site directories and extract them
[root@web01 zh]# unzip WeCenter_3-2-1.zip
[root@web01 wp]# tar xf wordpress-5.0.3-zh_CN.tar.gz
# 8. Change ownership of the site directories
[root@web01 wp]# chown -R www.www /code
# 9. Test the pages (configure name resolution on Windows first)
wp.linux.com
zh.linux.com
2. Install and configure the database server
# 1. Install the database
[root@db01 ~]# yum install -y mariadb-server
# 2. Start the database
[root@db01 ~]# systemctl start mariadb
# 3. Create the connection users for wp and zh
MariaDB [(none)]> grant all on *.* to wp_user@'%' identified by '123';
MariaDB [(none)]> grant all on *.* to zh_user@'%' identified by '123';
# 4. Create the matching databases
MariaDB [(none)]> create database wp;
MariaDB [(none)]> create database zh;
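# 5. Go back to the web pages and fill in the database details
- Open WordPress in a browser
Set up the blog
- Open zh in a browser
3. Sync the other web servers
# 1. Copy the configuration files from web01 to web02 and web03
[root@web01 wp]# scp -r /etc/nginx/conf.d/* root@10.0.0.8:/etc/nginx/conf.d/
[root@web01 wp]# scp -r /etc/nginx/conf.d/* root@10.0.0.9:/etc/nginx/conf.d/
# 2. Copy the site directories from web01 to web02 and web03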
[root@web01 wp]# scp -r /code/wp/* root@10.0.0.8:/code/wp/
[root@web01 wp]# scp -r /code/zh/* root@10.0.0.8:/code/zh/
[root@web01 wp]# scp -r /code/wp/* root@10.0.0.9:/code/wp/
[root@web01 wp]# scp -r /code/zh/* root@10.0.0.9:/code/zh/
# 3. Fix ownership
[root@web02 wp]# chown -R www.www /code
[root@web03 conf.d]# chown -R www.www /code
4. Install and configure NFS
# 1. Install NFS (on the server)
[root@nfs ~]# yum install -y nfs-utils
# 2. Install NFS on the clients
[root@web02 wp]# yum install -y nfs-utils
[root@web03 wp]# yum install -y nfs-utils
[root@web01 wp]# yum install -y nfs-utils
# 3. Edit the NFS configuration file
[root@nfs ~]# vim /etc/exports
/wp 172.16.1.0/24(sync,rw,all_squash,anonuid=666,anongid=666)
/zh 172.16.1.0/24(sync,rw,all_squash,anonuid=666,anongid=666)
# 4. Create the matching user and directories
[root@nfs ~]# groupadd www -g 666
[root@nfs ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
[root@nfs ~]# mkdir /{wp,zh}
[root@nfs ~]# chown -R www.www /wp
[root@nfs ~]# chown -R www.www /zh
# 5. Start the service
[root@nfs ~]# systemctl start nfs-server
[root@nfs ~]# systemctl enable nfs-server
# 6. Check that the service works (from a client)
[root@web01 wp]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/zh 172.16.1.0/24
/wp 172.16.1.0/24
# 7. From a client, send the files that will sit under the mount points to the NFS server first, then fix ownership
[root@web01 wp]# scp -r /code/wp/wp-content/uploads/* root@10.0.0.31:/wp
[root@web01 wp]# scp -r /code/zh/uploads/* root@10.0.0.31:/zh
[root@nfs wp]# chown -R www.www /wp
[root@nfs wp]# chown -R www.www /zh
# 8. Mount on the clients
[root@web01 wp]# mount -t nfs 172.16.1.31:/wp /code/wp/wp-content/uploads/
[root@web01 wp]# mount -t nfs 172.16.1.31:/zh /code/zh/uploads/
[root@web02 wp]# mount -t nfs 172.16.1.31:/wp /code/wp/wp-content/uploads/
[root@web02 wp]# mount -t nfs 172.16.1.31:/zh /code/zh/uploads/
[root@web03 wp]# mount -t nfs 172.16.1.31:/wp /code/wp/wp-content/uploads/
[root@web03 wp]# mount -t nfs 172.16.1.31:/zh /code/zh/uploads/
5. Real-time monitoring with sersync
# 1. Install the service (on the backup server)
[root@backup ~]# yum install -y rsync
# 2. Edit the configuration file
[root@backup ~]# vim /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[zh]
comment = welcome to oldboyedu backup!
path = /zh
[wp]
comment = welcome to oldboyedu backup!
path = /wp
# 3. Create the user named in the configuration file
[root@backup ~]# groupadd www -g 666
[root@backup ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
# 4. Create the directories named in the configuration file
[root@backup ~]# mkdir /{wp,zh}
# 5. Set ownership
[root@backup ~]# chown -R www.www /{wp,zh}
# 6. Create the authentication user's account and password file, and change its permissions
[root@backup ~]# cat /etc/rsync.passwd
rsync_backup:123
[root@backup /zh]# chmod 600 /etc/rsync.passwd
# 7. Start the service
[root@backup ~]# systemctl start rsyncd
[root@backup ~]# systemctl enable rsyncd
6. Install and configure inotify
# 1. Install the service (on the client of the backup server)
[root@nfs wp]# yum install -y rsync inotify-tools
# 2. Download the sersync package
[root@nfs wp]# wget https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
# 3. Extract it
[root@nfs wp]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
# 4. Move the directory
[root@nfs wp]# mv GNU-Linux-x86/ /usr/local/sersync
# 5. Edit the configuration file (this one watches only the wp directory on nfs; another directory is added later)
[root@nfs wp]# vim /usr/local/sersync/confxml.xml
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<localpath watch="/wp">
<remote ip="10.0.0.41" name="wp"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-az"/>
<auth start="true" users="rsync_backup" passwordfile="/etc/rsync.passwd"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
# 6. Create the password file named in the configuration file (only the user's password is written)
[root@nfs wp]# vim /etc/rsync.passwd
123
# 7. Change the password file's permissions
[root@nfs wp]# chmod 600 /etc/rsync.passwd
# 8. To watch the zh directory, write one more configuration file
[root@nfs wp]# cd /usr/local/sersync/
[root@nfs sersync]# cp confxml.xml zh.xml   # compared with wp, only the part below needs to change
<sersync>
<localpath watch="/zh">
<remote ip="10.0.0.41" name="zh"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
# 9. Start the services
[root@nfs sersync]# /usr/local/sersync/sersync2 -rdo /usr/local/sersync/zh.xml
[root@nfs sersync]# /usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml
7. Deploy the lb load balancers
# 1. Install the service
[root@lb01 nginx.php]# yum localinstall -y nginx-1.18.0-1.el7.ngx.x86_64.rpm
[root@lb02 nginx.php]# yum localinstall -y nginx-1.18.0-1.el7.ngx.x86_64.rpm
# 2. Create the certificate directories
[root@lb01 nginx.php]# mkdir -p /etc/nginx/{wp_ssl,zh_ssl}
# 3. Generate the certificate
[root@lb01 wp_ssl]# cd /etc/nginx/zh_ssl/
[root@lb01 zh_ssl]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
........+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Verify failure
User interface error
140555897681808:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:385:
[root@lb01 ssl_key]# ls
server.key
# 4.1. Generate a self-signed certificate and remove the private-key passphrase at the same time (for zh)
[root@lb01 zh_ssl]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
..................................+++
...........................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:cn
Locality Name (eg, city) [Default City]:cn
Organization Name (eg, company) [Default Company Ltd]:cn
Organizational Unit Name (eg, section) []:cn
Common Name (eg, your name or your server's hostname) []:zh.com # note: this must match the domain name used on the web side
Email Address []:123@qq.com
# 4.2 Generate a self-signed certificate for wp
[root@lb01 wp_ssl]# cd /etc/nginx/wp_ssl/
[root@lb01 nginx]# cd wp_ssl/
[root@lb01 wp_ssl]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.........................+++
.......................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@lb01 wp_ssl]# openssl req -days 36500 -x509 \
> -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
...........................................................................................................................+++
..................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:changha^H^H
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:shiwei
Organizational Unit Name (eg, section) []:shiwei
Common Name (eg, your name or your server's hostname) []:wp.com # make sure this is the back-end web servers' domain name
Email Address []:123@qq.com
# 5. Check the generated certificates and scp them to lb02
[root@lb01 wp_ssl]# ll
total 8
-rw-r--r-- 1 root root 1399 Jun 4 01:35 server.crt
-rw-r--r-- 1 root root 1708 Jun 4 01:35 server.key
[root@lb01 zh_ssl]# ll
total 8
-rw-r--r-- 1 root root 1338 Jun 4 01:36 server.crt
-rw-r--r-- 1 root root 1704 Jun 4 01:36 server.key
[root@lb01 ~]# scp -r /etc/nginx/{wp_ssl,zh_ssl} root@10.0.0.6:/etc/nginx/
# 6. Write the configuration files
[root@lb01 zh_ssl]# vim /etc/nginx/conf.d/lb_wp.conf   # load-balancing configuration file for wp
upstream wp {
server 172.16.1.7;
server 172.16.1.8;
server 172.16.1.9;
}
server {
listen 80;
server_name www.wp.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.wp.com;
ssl_certificate /etc/nginx/wp_ssl/server.crt; # path to the wp certificate
ssl_certificate_key /etc/nginx/wp_ssl/server.key; # path to the wp certificate's private key
location / {
proxy_pass http://wp;
include proxy_params;
}
}
[root@lb01 conf.d]# vim lb_zh.conf   # load-balancing configuration file for zh
upstream zh {
server 172.16.1.7;
server 172.16.1.8;
server 172.16.1.9;
}
server {
listen 80;
server_name www.zh.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.zh.com;
ssl_certificate /etc/nginx/zh_ssl/server.crt; # path to the zh certificate
ssl_certificate_key /etc/nginx/zh_ssl/server.key; # path to the zh certificate's private key
location / {
proxy_pass http://zh;
include proxy_params;
}
}
# 7. scp the configuration files to lb02
[root@lb01 ~]# scp -r /etc/nginx/conf.d/* root@10.0.0.6:/etc/nginx/conf.d/
[root@lb02 /etc/nginx/conf.d]# ll
total 8
-rw-r--r-- 1 root root 514 Jun 6 05:04 lb_wp.conf
-rw-r--r-- 1 root root 514 Jun 6 05:04 lb_zh.conf
# 8. Restart the services
[root@lb01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 conf.d]# systemctl restart nginx
[root@lb02 /etc/nginx/conf.d]# systemctl restart nginx
8. Have nginx tell PHP that HTTPS is on
# 1. Enable HTTPS on the web servers (add this to the wp file on all three web servers, or put the setting in an included file)
[root@web01 conf.d]# vim /etc/nginx/conf.d/wp.conf
server {
listen 80;
server_name www.wp.com;
root /code/wp;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS on; # the only line added
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
# 2. Enable HTTPS on the web servers (the zh configuration file on all three web servers is as shown below, with the one commented line added)
[root@web01 conf.d]# vim /etc/nginx/conf.d/zh.conf
server {
listen 80;
server_name www.zh.com;
root /code/zh;
index index.php index.html;
location ~ \.php {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS on; # this line is added
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
# 3. Reload the configuration on every web server
[root@web02 conf.d]# systemctl restart nginx
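# 4. Test in a browser (set up name resolution first)
- Visit the www.zh.com page
- Check the page that was added earlier
- Write one more article and see whether the back end backs it up automatically
- The zh backup directory has been backed up automatically
- Visit WordPress
- First look at the files in the wp backup directory
- Write another blog post
- Check whether the backup directory syncs automatically
9. Install and configure keepalived (preemptive)
# 1. Install keepalived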
[root@lb01 ~]# yum install -y keepalived
[root@lb02 ~]# yum install -y keepalived
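# 2. Edit the high-availability configuration file
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf   # MASTER configuration
global_defs {                          # global definitions
    router_id lb01                     # name that identifies this node
}
vrrp_script sh {                       # keepalived does not monitor nginx by itself: if nginx stops,
    script "/etc/nginx/jiankong.sh"    # keepalived stays alive, so a script is needed to monitor nginx
    interval 5                         # these lines set the script path and how often the script runs
}
vrrp_instance VI_1 {                   # instance configuration
    state MASTER                       # role of this node
    interface eth0                     # network interface to bind to
    virtual_router_id 50               # virtual router ID
    priority 150                       # priority
    advert_int 1                       # check interval
    authentication {                   # authentication
        auth_type PASS                 # authentication type
        auth_pass 1111                 # authentication password
    }
    virtual_ipaddress {                # virtual address configuration
        10.0.0.3                       # the virtual IP (VIP)
    }
    track_script {                     # similar to referencing an upstream in nginx
        sh                             # refers by name to the script defined above
    }
}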
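# 3. Create a script so keepalived monitors nginx: if nginx stops running, keepalived is stopped too, and the VIP moves from the master to the backup
· Notes: ps -C nginx lists all of nginx's processes (PIDs)
Adding --no-header leaves out the useless header line
ps -C nginx --no-header|wc -l counts the nginx processes
[root@lb01 nginx]# cat /etc/nginx/jiankong.sh
#!/bin/bash
# Count the running nginx processes
nginx_status=$(ps -C nginx --no-header | wc -l)
if [ "$nginx_status" -eq 0 ]; then
    # nginx is down: try to start it once
    systemctl start nginx
    sleep 3
    nginx_status=$(ps -C nginx --no-header | wc -l)
    if [ "$nginx_status" -eq 0 ]; then
        # Still down: stop keepalived so the VIP moves to the backup
        systemctl stop keepalived
    fi
fi
# 4. Make the script executable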
[root@lb01 nginx]# chmod +x /etc/nginx/jiankong.sh
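# 5. Write the keepalived configuration file for lb02
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02                     # name that identifies this node (must differ from the master's; it tells the nodes apart)
}
vrrp_instance VI_1 {
    state BACKUP                       # role of this node
    interface eth0                     # network interface to bind to
    virtual_router_id 50               # virtual router ID
    priority 100                       # priority (lower than the master's because this is the backup; a larger number means a higher priority)
    advert_int 1                       # check interval
    authentication {                   # authentication
        auth_type PASS                 # authentication type
        auth_pass 1111                 # authentication password
    }
    virtual_ipaddress {
        10.0.0.3                       # virtual IP (must be the same as on the master)
    }
}
## Note: in preemptive mode the script only needs to be placed on the MASTER; in non-preemptive mode it must be placed on both the MASTER and the BACKUP, so the backup here does not need the script
# 6. Start the services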
[root@lb01 /]# systemctl start keepalived
[root@lb02 /]# systemctl start keepalived
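10. Write a script to prevent split-brain
# 1. Write a script (it guards against the master and backup losing contact so that the VIP appears on both at once, causing an address conflict that makes the site unreachable)
# What the script does: from the backup, ping the master's IP twice to check connectivity. If the master is reachable and the VIP is present on both the master and the backup, stop keepalived on the backup. If the master has the VIP and the backup does not, log that the state is normal. If the initial ping cannot reach the master, just log a message. (Set up key-based SSH login to the master first, otherwise the script asks for a password on every loop; the script can be run in the background with sh.sh &.)
[root@lb02 ~]# vim sh.sh
#!/bin/bash
vip=10.0.0.3
lb01_ip=10.0.0.5
while true; do
    if ping -c 2 "$lb01_ip" &>/dev/null; then
        # Count the lines that carry the VIP on each node. -F -w matches the
        # address literally and as a whole word, so 10.0.0.3 does not match 10.0.0.30
        lb01_vip_status=$(ssh "$lb01_ip" "ip add | grep -cFw $vip")
        lb02_vip_status=$(ip add | grep -cFw "$vip")
        # An empty result (for example when ssh fails) counts as 0
        if [ "${lb01_vip_status:-0}" -eq 1 ] && [ "${lb02_vip_status:-0}" -eq 1 ]; then
            echo '主節點和備節點都有VIP,開始關閉備節點的VIP...' >>/var/log/nginx/error.log
            systemctl stop keepalived
        elif [ "${lb01_vip_status:-0}" -eq 1 ] && [ "${lb02_vip_status:-0}" -eq 0 ]; then
            echo '主節點存在vip,備節點沒有vip,正常。。。' >>/var/log/messages
        fi
    else
        echo '主節點無法通信' >>/var/log/nginx/error.log
    fi
    sleep 5
done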
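The dual-VIP check from the script above, as an added example (not the original author's code) that goes a step further: it compares the VIP as a whole address and also reports the failover and no-VIP states. The function names and the sample `ip -o -4 addr show` text are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: decide the state of the keepalived pair from the text that
# `ip -o -4 addr show` prints on each load balancer.

# holds_vip VIP TEXT: succeed only if TEXT contains an "inet VIP/<prefix>" entry.
# The address is compared as a whole string, so 10.0.0.3 never matches 10.0.0.30.
holds_vip() {
    printf '%s\n' "$2" | awk -v vip="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit (found ? 0 : 1) }'
}

# classify VIP MASTER_TEXT BACKUP_TEXT: print split-brain, normal, failover or no-vip.
# The body runs in a subshell so m and b stay local.
classify() (
    m=0; b=0
    holds_vip "$1" "$2" && m=1
    holds_vip "$1" "$3" && b=1
    case "$m$b" in
        11) echo split-brain ;;   # both nodes answer for the VIP
        10) echo normal ;;        # only the master holds it
        01) echo failover ;;      # the backup has taken over
        00) echo no-vip ;;        # nobody holds it: the service address is down
    esac
)

# Constructed sample output (not captured from a real host)
lb01_text='2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
2: eth0    inet 10.0.0.3/32 scope global eth0'
lb02_clean='2: eth0    inet 10.0.0.6/24 brd 10.0.0.255 scope global eth0'
lb02_lookalike='2: eth0    inet 10.0.0.6/24 brd 10.0.0.255 scope global eth0
2: eth0    inet 10.0.0.30/24 scope global secondary eth0'
lb02_with_vip='2: eth0    inet 10.0.0.6/24 brd 10.0.0.255 scope global eth0
2: eth0    inet 10.0.0.3/32 scope global eth0'

classify 10.0.0.3 "$lb01_text" "$lb02_clean"
classify 10.0.0.3 "$lb01_text" "$lb02_lookalike"
classify 10.0.0.3 "$lb01_text" "$lb02_with_vip"
```

On the real hosts the two text arguments would come from `ip -o -4 addr show` run locally and over SSH on the peer.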
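11. Testing keepalived
# 1. Write a script that keeps monitoring the page's status code (because the site is accessed over HTTPS and long-lived connections are involved, status code 301 is treated as normal here)
#!/bin/bash
while true; do
    # Fetch only the response headers and keep the HTTP status code (10-second timeout)
    code_status=$(curl -I -m 10 -o /dev/null -s -w '%{http_code}' www.wp.com)
    if [ "$code_status" -eq 301 ]; then
        echo "$(date +%F-%T)_網站訪問成功" >> /tmp/web.log
    else
        echo "$(date +%F-%T)_網站訪問失敗,狀態碼是: $code_status" >> /tmp/web.log
    fi
    sleep 1
done
- View the results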
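To turn the /tmp/web.log written by the loop above into a failover duration, the following added example (not from the original post) reports each outage window. It assumes the log format that loop produces; the function names and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: measure the outages recorded by the monitoring loop.
# Each line starts with a %F-%T timestamp; only failure lines end in
# ": <status code>", because the loop appends the code only on failure.

# outage_report FILE: print "<first failure> <first success after it> <seconds>"
# for every outage; an outage still open at end of file prints "ongoing -".
outage_report() {
    awk '
        function secs(ts,    p, t) {        # seconds since midnight
            split(ts, p, "-"); split(p[4], t, ":")
            return t[1] * 3600 + t[2] * 60 + t[3]
        }
        {
            ts = substr($0, 1, 19)          # %F-%T is always 19 characters
            failed = ($0 ~ /: [0-9]+$/)
            if (failed && !down) { down = 1; start = ts }
            else if (!failed && down) {
                d = secs(ts) - secs(start)
                if (d < 0) d += 86400       # the outage crossed midnight
                print start, ts, d
                down = 0
            }
        }
        END { if (down) print start, "ongoing", "-" }
    ' "$1"
}

# write_sample_log FILE: constructed lines in the monitoring loop's format
write_sample_log() {
    cat >"$1" <<'EOF'
2021-06-06-05:10:01_網站訪問成功
2021-06-06-05:10:02_網站訪問成功
2021-06-06-05:10:03_網站訪問失敗,狀態碼是: 000
2021-06-06-05:10:14_網站訪問失敗,狀態碼是: 000
2021-06-06-05:10:16_網站訪問失敗,狀態碼是: 502
2021-06-06-05:10:17_網站訪問成功
2021-06-06-05:10:18_網站訪問成功
EOF
}

log=$(mktemp)
write_sample_log "$log"
outage_report "$log"
rm -f "$log"
```

Because each probe can wait up to the 10-second curl timeout, the reported window is an upper bound on how long the VIP was unreachable.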